I'm kinda new to the flex world. I wrote an application in Flex and found out that all the code is visible by decoding programs. I've some web service calls that I make from my Flex app. Now the issue is any body who can see the code can make webservice call and do any thing. The webservice calls should be made only from my Flex app. So somehow I should know who's making that call. I feel like I should refactor my webservice methods to take some additional parameters, but I'm not sure.
So how do I authenticate flex call? or know the call is actually made from my Flex app in some browser? and not from a malicious user.
Flex calls my web services over secure https line.
thanks in advance.
If the SWF is hosted on the same domain as the webservice and you don't
allow access to other domains you should be pretty safe.
Yes, you can decode a SWF, but in the release SWF there isn't nearly as much
Thanks Flex HarUI,
About the first sentence that you wrote...
"If the SWF is hosted on the same domain as the webservice and you don't
allow access to other domains you should be pretty safe."
how do I restrict access to other domains?
About your second sentence. That's right I didn't hardcode (in my flex code) any important information or any business logic algorithm that should not be exposed to the public.